/*     */ package com.zimbra.cs.dav.property;
/*     */ 
/*     */ import com.zimbra.common.account.Key.AccountBy;
/*     */ import com.zimbra.common.service.ServiceException;
/*     */ import com.zimbra.common.util.Log;
/*     */ import com.zimbra.common.util.ZimbraLog;
/*     */ import com.zimbra.cs.account.Account;
/*     */ import com.zimbra.cs.account.Provisioning;
/*     */ import com.zimbra.cs.dav.DavContext;
/*     */ import com.zimbra.cs.dav.DavElements;
/*     */ import com.zimbra.cs.dav.DavException;
/*     */ import com.zimbra.cs.dav.resource.DavResource;
/*     */ import com.zimbra.cs.dav.resource.UrlNamespace;
/*     */ import com.zimbra.cs.mailbox.ACL;
/*     */ import com.zimbra.cs.mailbox.ACL.Grant;
/*     */ import com.zimbra.cs.mailbox.Folder;
/*     */ import com.zimbra.cs.mailbox.MailItem.Type;
/*     */ import java.util.HashMap;
/*     */ import java.util.HashSet;
/*     */ import java.util.List;
/*     */ import java.util.Set;
/*     */ import org.dom4j.Element;
/*     */ import org.dom4j.QName;
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/*     */ public class Acl
/*     */   extends ResourceProperty
/*     */ {
/*     */   protected ACL mAcl;
/*     */   protected String mOwner;
/*     */   
/*     */   public static Set<ResourceProperty> getAclProperties(DavResource rs, Folder folder)
/*     */     throws ServiceException, DavException
/*     */   {
/*  59 */     HashSet<ResourceProperty> props = new HashSet();
/*  60 */     if (folder == null) {
/*  61 */       return props;
/*     */     }
/*  63 */     String owner = rs.getOwner();
/*  64 */     ACL acl = folder.getEffectiveACL();
/*  65 */     props.add(getSupportedPrivilegeSet());
/*  66 */     if (folder != null)
/*     */     {
/*  68 */       if ((folder.getDefaultView() != MailItem.Type.APPOINTMENT) || (folder.getUrl() == null) || (folder.getUrl().equals(""))) {
/*  69 */         props.add(getCurrentUserPrivilegeSet(acl, folder.getAccount()));
/*     */       } else {
/*  71 */         props.add(getCurrentUserPrivilegeSet((short)1));
/*     */       }
/*  73 */       props.add(getPrincipalCollectionSet());
/*     */     }
/*  75 */     props.add(getAcl(acl, owner));
/*  76 */     props.add(getAclRestrictions());
/*     */     
/*  78 */     ResourceProperty p = new ResourceProperty(DavElements.E_OWNER);
/*  79 */     p.setProtected(true);
/*  80 */     Element href = p.addChild(DavElements.E_HREF);
/*  81 */     href.setText(UrlNamespace.getPrincipalUrl(owner));
/*  82 */     props.add(p);
/*     */     
/*     */ 
/*  85 */     p = new ResourceProperty(DavElements.E_GROUP);
/*  86 */     p.setProtected(true);
/*  87 */     props.add(p);
/*  88 */     p = new ResourceProperty(DavElements.E_INHERITED_ACL_SET);
/*  89 */     p.setProtected(true);
/*  90 */     props.add(p);
/*  91 */     return props;
/*     */   }
/*     */   
/*     */   public static ResourceProperty getPrincipalUrl(DavResource rs) {
/*  95 */     return new PrincipalUrl(rs);
/*     */   }
/*     */   
/*  98 */   public static ResourceProperty getAcl(ACL acl, String owner) { return new Acl(acl, owner); }
/*     */   
/*     */   public static ResourceProperty getSupportedPrivilegeSet() {
/* 101 */     return new SupportedPrivilegeSet();
/*     */   }
/*     */   
/*     */   public static ResourceProperty getCurrentUserPrivilegeSet(ACL acl, Account owner) {
/* 105 */     return new CurrentUserPrivilegeSet(acl, owner);
/*     */   }
/*     */   
/*     */   public static ResourceProperty getCurrentUserPrivilegeSet(short rights) {
/* 109 */     return new CurrentUserPrivilegeSet(rights);
/*     */   }
/*     */   
/*     */   public static ResourceProperty getMountpointTargetPrivilegeSet(short rights) {
/* 113 */     return new MountpointTargetPrivilegeSet(rights);
/*     */   }
/*     */   
/*     */   public static ResourceProperty getAclRestrictions() {
/* 117 */     return new AclRestrictions();
/*     */   }
/*     */   
/*     */   public static ResourceProperty getPrincipalCollectionSet() {
/* 121 */     return new PrincipalCollectionSet();
/*     */   }
/*     */   
/*     */   public static ResourceProperty getCurrentUserPrincipal() {
/* 125 */     return new CurrentUserPrincipal();
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */   private Acl(ACL acl, String owner)
/*     */   {
/* 132 */     this(DavElements.E_ACL, acl, owner);
/*     */   }
/*     */   
/*     */   private Acl(QName name, ACL acl, String owner) {
/* 136 */     super(name);
/* 137 */     setProtected(true);
/* 138 */     this.mAcl = acl;
/* 139 */     this.mOwner = owner;
/*     */   }
/*     */   
/*     */   public Element toElement(DavContext ctxt, Element parent, boolean nameOnly)
/*     */   {
/* 144 */     Element acl = super.toElement(ctxt, parent, true);
/*     */     
/* 146 */     if (this.mAcl == null) {
/* 147 */       return acl;
/*     */     }
/* 149 */     Account ownerAccount = null;
/* 150 */     Account authAccount = ctxt.getAuthAccount();
/*     */     try {
/* 152 */       ownerAccount = Provisioning.getInstance().getAccountByName(this.mOwner);
/*     */     }
/*     */     catch (ServiceException se) {}
/* 155 */     for (ACL.Grant g : this.mAcl.getGrants()) {
/*     */       try {
/* 157 */         if ((ownerAccount == null) || (authAccount.compareTo(ownerAccount) == 0) || (g.getGrantedRights(authAccount, this.mAcl) != 0))
/*     */         {
/* 159 */           Element ace = acl.addElement(DavElements.E_ACE);
/* 160 */           Element principal = ace.addElement(DavElements.E_PRINCIPAL);
/*     */           Element e;
/* 162 */           switch (g.getGranteeType()) {
/*     */           case 1: 
/* 164 */             e = principal.addElement(DavElements.E_HREF);
/* 165 */             e.setText(UrlNamespace.getAclUrl(g.getGranteeId(), "/principals/users/"));
/* 166 */             break;
/*     */           case 7: 
/* 168 */             e = principal.addElement(DavElements.E_HREF);
/* 169 */             e.setText(UrlNamespace.getAclUrl(g.getGranteeId(), "/principals/guests/"));
/* 170 */             break;
/*     */           case 8: 
/*     */             break;
/*     */           
/*     */           case 3: 
/* 175 */             principal.addElement(DavElements.E_AUTHENTICATED);
/* 176 */             break;
/*     */           case 5: 
/* 178 */             e = principal.addElement(DavElements.E_HREF);
/* 179 */             e.setText(UrlNamespace.getAclUrl(g.getGranteeId(), "/principals/cos/"));
/* 180 */             break;
/*     */           case 4: 
/* 182 */             e = principal.addElement(DavElements.E_HREF);
/* 183 */             e.setText(UrlNamespace.getAclUrl(g.getGranteeId(), "/principals/domain/"));
/* 184 */             break;
/*     */           case 2: 
/* 186 */             e = principal.addElement(DavElements.E_HREF);
/* 187 */             e.setText(UrlNamespace.getAclUrl(g.getGranteeId(), "/principals/groups/"));
/* 188 */             break;
/*     */           case 6: 
/* 190 */             principal.addElement(DavElements.E_UNAUTHENTICATED);
/*     */           }
/*     */           
/*     */           
/* 194 */           addGrantDeny(ace, g, true);
/*     */         }
/* 196 */       } catch (DavException e) { ZimbraLog.dav.error("can't add principal: grantee=" + g.getGranteeId(), e);
/*     */       } catch (ServiceException e) {
/* 198 */         ZimbraLog.dav.error("can't add principal: grantee=" + g.getGranteeId(), e);
/*     */       }
/*     */     }
/* 201 */     return acl;
/*     */   }
/*     */   
/*     */   protected Element addGrantDeny(Element ace, ACL.Grant g, boolean isGrant) {
/* 205 */     Element grant = isGrant ? ace.addElement(DavElements.E_GRANT) : ace.addElement(DavElements.E_DENY);
/* 206 */     addPrivileges(grant, g.getGrantedRights());
/* 207 */     return grant;
/*     */   }
/*     */   
/*     */   protected Element addPrivileges(Element grant, short rights) {
/* 211 */     grant.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_READ_CURRENT_USER_PRIVILEGE_SET);
/* 212 */     if ((rights & 0x1) > 0) {
/* 213 */       grant.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_READ);
/*     */     }
/* 215 */     if ((rights & 0x2) > 0) {
/* 216 */       grant.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_WRITE);
/* 217 */       grant.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_WRITE_CONTENT);
/* 218 */       grant.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_WRITE_PROPERTIES);
/*     */     }
/* 220 */     if ((rights & 0x4) > 0) {
/* 221 */       grant.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_BIND);
/*     */     }
/* 223 */     if ((rights & 0x8) > 0) {
/* 224 */       grant.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_UNBIND);
/*     */     }
/* 226 */     if ((rights & 0x100) > 0) {
/* 227 */       grant.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_UNLOCK);
/* 228 */       grant.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_WRITE_ACL);
/*     */     }
/*     */     
/*     */ 
/*     */ 
/*     */ 
/* 234 */     return grant;
/*     */   }
/*     */   
/*     */ 
/*     */ 
/*     */ 
/*     */ 
/* 241 */   protected static HashMap<String, Short> sRightsMap = new HashMap();
/* 242 */   static { sRightsMap.put("read", Short.valueOf((short)1));
/* 243 */     sRightsMap.put("read-current-user-privilege-set", Short.valueOf((short)1));
/* 244 */     sRightsMap.put("read-free-busy", Short.valueOf((short)0));
/* 245 */     sRightsMap.put("bind", Short.valueOf((short)2));
/* 246 */     sRightsMap.put("unbind", Short.valueOf((short)2));
/* 247 */     sRightsMap.put("write", Short.valueOf((short)2));
/* 248 */     sRightsMap.put("write-acl", Short.valueOf((short)256));
/* 249 */     sRightsMap.put("write-content", Short.valueOf((short)2));
/* 250 */     sRightsMap.put("write-properties", Short.valueOf((short)2));
/* 251 */     sRightsMap.put("unlock", Short.valueOf((short)256));
/*     */   }
/*     */   
/*     */   private static class PrincipalCollectionSet extends ResourceProperty {
/*     */     public PrincipalCollectionSet() {
/* 256 */       super();
/* 257 */       setProtected(true);
/*     */     }
/*     */     
/*     */     public Element toElement(DavContext ctxt, Element parent, boolean nameOnly)
/*     */     {
/* 262 */       Element pcs = parent.addElement(getName());
/* 263 */       Element e = pcs.addElement(DavElements.E_HREF);
/*     */       try {
/* 265 */         e.setText(UrlNamespace.getPrincipalCollectionUrl(ctxt.getAuthAccount()));
/*     */       } catch (ServiceException ex) {
/* 267 */         ZimbraLog.dav.warn("can't generate principal-collection-url", ex);
/*     */       }
/* 269 */       return pcs;
/*     */     }
/*     */   }
/*     */   
/*     */   private static class SupportedPrivilegeSet extends Acl {
/*     */     public SupportedPrivilegeSet() {
/* 275 */       super(null, null, null);
/*     */     }
/*     */     
/*     */     public Element addPrivilege(Element parent, QName name, String description) {
/* 279 */       Element priv = parent.addElement(DavElements.E_SUPPORTED_PRIVILEGE);
/* 280 */       priv.addElement(DavElements.E_PRIVILEGE).addElement(name);
/* 281 */       Element desc = priv.addElement(DavElements.E_DESCRIPTION);
/* 282 */       desc.addAttribute(DavElements.E_LANG, "en-us");
/* 283 */       desc.setText(description);
/*     */       
/* 285 */       return priv;
/*     */     }
/*     */     
/*     */     public Element toElement(DavContext ctxt, Element parent, boolean nameOnly)
/*     */     {
/* 290 */       Element sps = parent.addElement(getName());
/* 291 */       if (nameOnly) {
/* 292 */         return sps;
/*     */       }
/* 294 */       if (this.mAcl == null) {
/* 295 */         return sps;
/*     */       }
/* 297 */       Element all = addPrivilege(sps, DavElements.E_ALL, "any operation");
/* 298 */       addPrivilege(all, DavElements.E_READ, "read calendar, attachment, notebook");
/* 299 */       addPrivilege(all, DavElements.E_WRITE, "add calendar appointment, upload attachment");
/* 300 */       addPrivilege(all, DavElements.E_UNLOCK, "unlock your own resources locked by someone else");
/*     */       
/* 302 */       return sps;
/*     */     }
/*     */   }
/*     */   
/*     */   private static class CurrentUserPrivilegeSet extends Acl {
/*     */     private String mOwnerId;
/*     */     private short mRights;
/*     */     
/* 310 */     public CurrentUserPrivilegeSet(ACL acl, Account owner) { super(acl, owner.getName(), null);
/* 311 */       this.mOwnerId = owner.getId();
/* 312 */       this.mRights = -1;
/*     */     }
/*     */     
/* 315 */     public CurrentUserPrivilegeSet(short rights) { super(null, null, null);
/* 316 */       this.mRights = rights;
/*     */     }
/*     */     
/*     */     public Element toElement(DavContext ctxt, Element parent, boolean nameOnly)
/*     */     {
/* 321 */       Element cups = parent.addElement(getName());
/* 322 */       if (nameOnly) {
/* 323 */         return cups;
/*     */       }
/* 325 */       if (this.mRights > 0)
/*     */       {
/*     */ 
/* 328 */         addPrivileges(cups, this.mRights);
/* 329 */         if ((this.mRights & 0x2) == 0)
/* 330 */           cups.addElement(DavElements.E_PRIVILEGE).addElement(DavElements.E_WRITE_PROPERTIES);
/* 331 */         return cups;
/*     */       }
/*     */       
/*     */ 
/* 335 */       if (ctxt.getAuthAccount().getId().equals(this.mOwnerId)) {
/* 336 */         addPrivileges(cups, (short)15);
/* 337 */         return cups;
/*     */       }
/*     */       
/* 340 */       if (this.mAcl == null) {
/* 341 */         return cups;
/*     */       }
/*     */       
/* 344 */       for (ACL.Grant g : this.mAcl.getGrants()) {
/*     */         try {
/* 346 */           short rights = g.getGrantedRights(ctxt.getAuthAccount(), this.mAcl);
/* 347 */           if (rights > 0) {
/* 348 */             addPrivileges(cups, rights);
/* 349 */             break;
/*     */           }
/*     */         } catch (ServiceException e) {
/* 352 */           ZimbraLog.dav.error("can't add principal: grantee=" + g.getGranteeId(), e);
/*     */         }
/*     */       }
/*     */       
/* 356 */       return cups;
/*     */     }
/*     */   }
/*     */   
/*     */   private static class MountpointTargetPrivilegeSet extends Acl {
/*     */     private short mRights;
/*     */     
/* 363 */     public MountpointTargetPrivilegeSet(short rights) { super(null, null, null);
/* 364 */       this.mRights = rights;
/*     */     }
/*     */     
/*     */     public Element toElement(DavContext ctxt, Element parent, boolean nameOnly)
/*     */     {
/* 369 */       Element mtps = parent.addElement(getName());
/* 370 */       if (nameOnly) {
/* 371 */         return mtps;
/*     */       }
/* 373 */       addPrivileges(mtps, this.mRights);
/* 374 */       return mtps;
/*     */     }
/*     */   }
/*     */   
/*     */   private static class PrincipalUrl
/*     */     extends Acl
/*     */   {
/*     */     private Account mAccount;
/*     */     
/*     */     public PrincipalUrl(DavResource rs)
/*     */     {
/* 385 */       super(null, null, null);
/*     */       try {
/* 387 */         this.mAccount = Provisioning.getInstance().get(Key.AccountBy.name, rs.getOwner());
/*     */       } catch (ServiceException e) {
/* 389 */         ZimbraLog.dav.warn("can't get account " + rs.getOwner(), e);
/*     */       }
/*     */     }
/*     */     
/*     */     public Element toElement(DavContext ctxt, Element parent, boolean nameOnly)
/*     */     {
/* 395 */       Element pu = parent.addElement(getName());
/* 396 */       if (this.mAccount != null)
/* 397 */         pu.addElement(DavElements.E_HREF).setText(UrlNamespace.getPrincipalUrl(this.mAccount));
/* 398 */       return pu;
/*     */     }
/*     */   }
/*     */   
/*     */   private static final short RIGHT_UNSUPPORTED = 0;
/*     */   private static class CurrentUserPrincipal
/*     */     extends Acl
/*     */   {
/*     */     public CurrentUserPrincipal()
/*     */     {
/* 408 */       super(null, null, null);
/*     */     }
/*     */     
/*     */     public Element toElement(DavContext ctxt, Element parent, boolean nameOnly)
/*     */     {
/* 413 */       Element cup = parent.addElement(getName());
/* 414 */       cup.addElement(DavElements.E_HREF).setText(UrlNamespace.getPrincipalUrl(ctxt.getAuthAccount()));
/* 415 */       return cup;
/*     */     }
/*     */   }
/*     */   
/*     */ 
/*     */   private static class AclRestrictions
/*     */     extends Acl
/*     */   {
/*     */     public AclRestrictions()
/*     */     {
/* 425 */       super(null, null, null);
/*     */     }
/*     */     
/*     */     public Element toElement(DavContext ctxt, Element parent, boolean nameOnly)
/*     */     {
/* 430 */       Element ar = parent.addElement(getName());
/* 431 */       ar.addElement(DavElements.E_GRANT_ONLY);
/* 432 */       ar.addElement(DavElements.E_NO_INVERT);
/* 433 */       return ar;
/*     */     }
/*     */   }
/*     */   
/*     */   public static class Ace {
/*     */     private String mPrincipalUrl;
/*     */     private String mId;
/*     */     private short mRights;
/*     */     private byte mGranteeType;
/*     */     
/*     */     public Ace(Element a) throws DavException {
/* 444 */       Element elem = a.element(DavElements.E_PRINCIPAL);
/* 445 */       if (elem == null) {
/* 446 */         throw new DavException("missing principal element", 400);
/*     */       }
/* 448 */       List<Element> principal = elem.elements();
/* 449 */       if (principal.size() != 1)
/* 450 */         throw new DavException("invalid principal element", 400);
/* 451 */       for (Element p : principal) {
/* 452 */         QName name = p.getQName();
/* 453 */         if (name.equals(DavElements.E_HREF)) {
/* 454 */           this.mPrincipalUrl = elem.getText();
/* 455 */           this.mGranteeType = 1;
/*     */           try {
/* 457 */             Account acc = UrlNamespace.getPrincipal(this.mPrincipalUrl);
/* 458 */             if (acc == null)
/* 459 */               throw new DavException("invalid principal: " + this.mPrincipalUrl, 400);
/* 460 */             this.mId = acc.getId();
/*     */           } catch (ServiceException se) {
/* 462 */             throw new DavException("can't find principal: " + this.mPrincipalUrl, 500, se);
/*     */           }
/* 464 */         } else if (name.equals(DavElements.E_ALL)) {
/* 465 */           this.mGranteeType = 6;
/* 466 */         } else if (name.equals(DavElements.E_UNAUTHENTICATED))
/*     */         {
/* 468 */           this.mGranteeType = 6;
/* 469 */         } else if (name.equals(DavElements.E_AUTHENTICATED)) {
/* 470 */           this.mGranteeType = 3;
/*     */         } else {
/* 472 */           throw new DavException("unsupported principal: " + name.getName(), 501);
/*     */         }
/*     */       }
/* 475 */       if (elem != null) {
/* 476 */         elem = elem.element(DavElements.E_HREF);
/*     */       }
/*     */       
/* 479 */       this.mRights = 0;
/* 480 */       elem = a.element(DavElements.E_GRANT);
/* 481 */       if (elem == null)
/* 482 */         throw new DavException("missing grant element", 400);
/* 483 */       List<Element> priv = elem.elements(DavElements.E_PRIVILEGE);
/* 484 */       for (Element p : priv) {
/* 485 */         List<Element> right = p.elements();
/* 486 */         if (right.size() != 1)
/* 487 */           throw new DavException("number of right elements contained in privilege element is not one", 400);
/* 488 */         this.mRights = ((short)(this.mRights | ((Short)Acl.sRightsMap.get(((Element)right.get(0)).getName())).shortValue()));
/*     */       }
/*     */     }
/*     */     
/*     */     public Ace(String id, short rights, byte type) {
/* 493 */       this.mId = id;
/* 494 */       this.mRights = rights;
/* 495 */       this.mGranteeType = type;
/*     */     }
/*     */     
/*     */     public String getPrincipalUrl() {
/* 499 */       if (this.mPrincipalUrl != null) {
/* 500 */         return this.mPrincipalUrl;
/*     */       }
/* 502 */       switch (this.mGranteeType) {
/*     */       case 1: 
/*     */         try {
/* 505 */           Account acct = Provisioning.getInstance().get(Key.AccountBy.id, this.mId);
/* 506 */           this.mPrincipalUrl = UrlNamespace.getPrincipalCollectionUrl(acct);
/*     */         } catch (ServiceException se) {
/* 508 */           ZimbraLog.dav.warn("can't lookup account " + this.mId, se);
/*     */         }
/*     */       }
/*     */       
/* 512 */       return this.mPrincipalUrl;
/*     */     }
/*     */     
/*     */     public String getZimbraId() {
/* 516 */       return this.mId;
/*     */     }
/*     */     
/*     */     public byte getGranteeType() {
/* 520 */       return this.mGranteeType;
/*     */     }
/*     */     
/*     */     public short getRights() {
/* 524 */       return this.mRights;
/*     */     }
/*     */     
/*     */     public boolean hasHref() {
/* 528 */       return this.mGranteeType == 1;
/*     */     }
/*     */   }
/*     */ }


/* Location:              /home/mint/zimbrastore.jar!/com/zimbra/cs/dav/property/Acl.class
 * Java compiler version: 7 (51.0)
 * JD-Core Version:       0.7.1
 */